Saturday, April 30, 2016

Hactivist collective Anonymous
has begun to leak documents from the Kenyan government as a part of a
sophisticated operation called #OpAfrica, a campaign aimed to expose the
government corruption across Africa.

An initial sample of 95 documents was revealed via an Anonymous Twitter account and can be accessed via a Tor browser. Hacked reviewed the documents that were uploaded on the Dark Web; they contain PDF and DOCX files.

A hacker is advertising a cache
of email addresses, poorly secured passwords, phone numbers, and other
information from users of photo sharing and video streaming app ’17’, which
is particularly popular in Asia.

The data is being sold on The
Real Deal, a dark web market that specialises in stolen information
and computer exploits.

The data was allegedly obtained
via an app server, and not the company’s website, the hacker advertising the
data told Motherboard in an encrypted chat.

Cybercriminals stole millions of dollars from Bangladesh’s central
bank and they managed to cover their tracks by using custom malware that
targeted the SWIFT interbank messaging system.

…Industry
professionals contacted by SecurityWeek commented on the incident,
including its implications for the financial industry, the possibility that
other proprietary platforms could be targeted in a similar fashion, and the
steps organizations should take to prevent these types of breaches.

A different face than the FBI shows? But not so different behind the curtain.

GCHQ Has Disclosed Over 20 Vulnerabilities This Year,
Including Ones in iOS

Earlier this week, it
emerged that a section of Government Communications Headquarters (GCHQ),
the UK's signal intelligence agency, had disclosed a serious vulnerability in Firefox to Mozilla. Now, GCHQ has said it helped fix nearly two dozen
individual vulnerabilities in the past few months, including in highly popular
pieces of software like iOS.

…In a speech last year, the Director of GCHQ Robert Hannigan
said: “GCHQ has disclosed vulnerabilities
in every major mobile and desktop platform, including the big names
that underpin British business.”

However, governments sometimes withhold details of vulnerabilities from affected companies
because the security holes can be used for hacking operations instead. Motherboard's question of whether the recent
selection of vulnerabilities were only disclosed after they had already been
exploited by the offensive arm of GCHQ went unanswered.

In America, surveillance has always played an outsized
role in the relationship between creditors and debtors. In the 19th century, credit bureaus pioneered
mass-surveillance techniques. Today the American debtor faces
remote kill switches in their devices, GPS tracking on their leased cars, and
surreptitious webcam recordings from their rent-to-own laptops. And where our buying and borrowing habits were
once tracked by shopkeepers, our computers score our
creditworthiness without us knowing.

Health data is going to be Big (Data). Will we see Google (or Watson) doing the same thing in the US? Globally?

PowerApps, which was codenamed Project Kratos, is designed
to allow business users and business analysts to create custom native, mobile,
and Web apps that can be shared simply across their organizations. Examples of just a few of the many types of
apps users can create using PowerApps include simple cost estimators, budget
trackers, and site-inspection reports.

PowerApps connects to existing cloud services and data
sources. It's designed to allow users to
build apps without writing code or having to figure out integration issues. The custom apps created with PowerApps can be
published internally across the Web, tablets and mobile devices, without
requiring app creators to go through app stores for distribution.

Microsoft on Friday announced that it would be making cash
donations to the Democratic convention but not the Republican one.

The announcement comes as advocates have increased their pressure
on technology giants and other large corporations to refrain from sponsoring
the Republican convention because of the rhetoric and proposed policies of GOP
presidential front-runner Donald Trump.

A patent filed in 2014 and published Thursday describes a
device that could correct vision without putting contacts in or wearing glasses
everyday.

But to insert the device, a person must undergo what
sounds like a rather intrusive procedure.

Here’s how it would work: After surgically removing a
person’s lens from the lens capsule of his or her eye (ouch!), a fluid would be
injected into the capsule. This fluid
would act sort of like a glue, allowing whoever is conducting the procedure to
attach an “intra-ocular device” to the lens capsule.

That fluid would solidify to create a “coupling” between
the lens capsule and the device, creating an electronic contact lens. The electronic contact lens would correct the
wearer’s vision.

…“A bill designed to strengthen the privacy and security of
student educational data continued down its apparently smooth path to passage
Wednesday, winning unanimous Senate Education Committee approval,” Chalkbeat
reports. Lest you think this
is a story about federal legislation and that DC gridlock is over, to be clear,
this is a measure in the state of Colorado.

Instead of being grateful that Vickery noticed
that they had not secured their database and then spent a lot of time trying to
identify them and alert them so that they could secure it, Movimiento Ciudadano
is blaming Vickery and telling the public that Amazon told them that
the database had been “hacked” or the victim of a “cyberattack.”

Movimiento Ciudadano is either incredibly ignorant or
liars. Amazon told them no such thing.

Chris Vickery contacted Amazon last night to ask what they
had actually said to Movimiento Ciudadano or its vendor, Indatcom. He
received the following statement from Amazon.

All AWS security features and
networks did, and continue to, operate as designed. Once AWS was notified that
an unsecured database containing sensitive information was being hosted on the
AWS Cloud and was publicly accessible via the Internet, we followed our
standard security protocols and have since confirmed that this database is no
longer publicly accessible. Customers who have questions about security best
practices can find information at our Security Resources page (http://aws.amazon.com/security/security-resources/).

…DataBreaches.net
understands that in 2013, Movimiento Ciudadano was fined over another data leak
involving voter information that was found up for sale. It would be understandable that they do not
want to be responsible for this newest incident, but they are responsible
for this incident, and the Mexican public needs to understand that.

The Supreme Court on Thursday approved a rule change that
would let U.S. judges issue search warrants for access to computers located in
any jurisdiction despite opposition from civil liberties groups who say it will
greatly expand the FBI's hacking authority.

U.S. Chief Justice John
Roberts transmitted the rules to Congress, which will have until Dec. 1 to
reject or modify the changes to the federal rules of criminal procedure. If
Congress does not act, the rules would take effect automatically.

Magistrate judges normally
can order searches only within the jurisdiction of their court, which is
typically limited to a few counties.

A key senator is trying to block
the Justice Department’s request to expand its remote hacking powers, after the
Supreme Court signed off on the proposal Thursday.

“These amendments will have
significant consequences for Americans’ privacy and the scope of the
government’s powers to conduct remote surveillance and searches of electronic
devices,” warned Sen. Ron Wyden.

The FBI paid under $1 million for the technique used to
unlock the iPhone used by one of the San Bernardino shooters - a figure smaller
than the $1.3 million the agency's chief initially indicated the hack cost,
several U.S. government sources said on Thursday.

…The FBI,
not the contractor, has physical possession of the mechanism used to open the
phone but does not know details of how it works,
one of the sources said.

The identity of the
contractor is so closely-held inside the FBI that not even Comey knows who it
is, one of the sources said.

…I saw a security
"strategy" this week in the wake of a major data breach which was
alarming, to say the least. I want to
capture the details of it here and frankly, tear it to shreds because we should
never see an organisation playing fast and loose with people's data in
this way. Hopefully if this strategy is
ever considered by others in future they'll stumble across this post and think
better of it.

This relates to the
Lifeboat data breach from earlier this week. Well actually, the breach itself was many
months ago but the disclosure was only this week and therein lies the
problem.

Thursday, April 28, 2016

A reader kindly informed me that Movimiento
Ciudadano, one of the political parties that had legitimate
access to Mexico’s voter data list, has admitted
it was responsible for the leak on Amazon. Except that as I read more, I realized they
weren’t really admitting they were responsible for the leak.

From what I’m reading in their statement and from a number
of sources, it seems like the Citizens Movement party is filing a criminal
complaint against Chris Vickery, claiming he broke Amazon’s great
security, or some such nonsense. They
write, in part:

To be clear: Chris Vickery never hacked into the database.
Citizens Movement left port 27017 open,
and so anyone and everyone could access it and download the voter data with no
login required. Amazon was not
responsible for securing that database and Vickery didn’t break any security: there
was no security, and that was Citizens Movement’s responsibility.

Trying to make it out that Vickery engaged in criminal conduct is a lame attempt on their part to deflect blame for their infosecurity failure. It is especially lame in light of how appreciative Mexico INE has been of Vickery’s discovery and notification.
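The failure described above is a configuration one: a MongoDB instance listening on port 27017 on a public address with no authentication. The following is an added example, not code from DataBreaches.net or the party's actual configuration, showing how a defender can audit a mongod.conf for exactly those two settings. The two sample configurations, the hypothetical private address 10.0.0.5 and the audit logic are all constructed for illustration.

```python
"""Audit a mongod.conf for the exposure described above: a database
reachable on port 27017 from the Internet with no login required.
Added example for illustration; not the party's or Amazon's configuration."""

# Constructed sample configurations (assumptions, not the real file).
WEAK_CONF = """\
net:
  port: 27017
  bindIp: 0.0.0.0        # listens on every interface
security:
  authorization: disabled
"""

HARDENED_CONF = """\
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5   # loopback plus one private address
security:
  authorization: enabled
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def parse_simple_yaml(text):
    """Parse the two-level 'section:' / '  key: value' subset that the
    net and security sections of mongod.conf use. Comments are stripped.
    This is deliberately not a general YAML parser."""
    tree, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        key, _, value = line.strip().partition(":")
        if not line.startswith(" "):
            section = key
            tree.setdefault(section, {})
        elif section is not None:
            tree[section][key] = value.strip()
    return tree


def audit_mongod(text):
    """Return the list of findings for a config; an empty list passes."""
    conf = parse_simple_yaml(text)
    findings = []
    bind = conf.get("net", {}).get("bindIp")
    if bind is None:
        # The default has changed between mongod versions, so treat an
        # unset bindIp as something to verify rather than assume safe.
        findings.append("bindIp not set explicitly; verify the version default")
        addrs = set()
    else:
        addrs = {a.strip() for a in bind.split(",")}
        if "0.0.0.0" in addrs or "::" in addrs:
            findings.append("bindIp listens on all interfaces")
    auth = conf.get("security", {}).get("authorization", "disabled")
    network_reachable = bind is None or not addrs <= LOOPBACK
    if auth != "enabled" and network_reachable:
        findings.append("authorization disabled on a network-reachable instance")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_mongod(conf) or "OK")
```

The audit treats a missing bindIp as a finding rather than assuming the default is safe, because the default differs between MongoDB versions; binding to a non-loopback address is acceptable only when authorization is enabled.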

“Don’t put off until tomorrow that which you can secure today.” An ancient
saying, I just made up.

A major data security breach at
Wendy’s restaurants could have been easily prevented had the company acted
faster, according to a class action filed on behalf of banks whose customers
were affected by the breach.

The suit, filed in Federal Court
in Pittsburgh on April 25 by First Choice Federal Credit Union, claims the
fast-food chain “refused to take steps to adequately protect its computer
systems from intrusion,” which led to a nearly five-month-long data breach
where customer credit card information was stolen.

They must have something that convinced the judge he is probably guilty, right? Or can they do this to anyone with an encrypted hard drive? I keep a large boring file named “This is important” on my backup DVDs next to my encrypted files. Then I re-encrypt everything. I will gladly hand over that second encryption key and decrypting that file will prove that it worked. Everything that still looks encrypted must be gibberish.

A Philadelphia man suspected of
possessing child pornography has been in jail for seven months and counting
after being found in contempt of a court order demanding that he decrypt two
password-protected hard drives.

The suspect, a former
Philadelphia Police Department sergeant, has not been charged with any child
porn crimes. Instead, he remains
indefinitely imprisoned in Philadelphia’s Federal Detention Center for refusing
to unlock two drives encrypted with Apple’s FileVault software in a case that
once again highlights the extent to which the authorities are going to crack
encrypted devices. The man is to remain
jailed “until such time that he fully complies”
with the decryption order.

In March, 2016, a jury awarded wrestler Hulk Hogan $140
million in damages from a suit he brought against Gawker Media. In 2012, Gawker
released a sex tape of Hogan and his friend and radio DJ Bubba Clem’s wife,
which was taped by Bubba Clem, allegedly without Hogan’s knowledge. Hogan claimed that the tape represented an
invasion of his privacy by the press. Gawker
is appealing the decision.

Fabio Bertoni, the New Yorker’s general counsel, makes the argument that the decision against Gawker chips away at freedom of the press, largely by threatening editorial discretion about what is newsworthy and producing a chilling effect. Sex tapes are considered newsworthy if they expose the hypocrisy of a public official or are in some other way relevant to public life. The Hogan tape is not clearly newsworthy—but it’s not clearly not newsworthy, either. It had been floating among news organizations for some time before Gawker decided to publish it, and Gawker editors have since backpedaled a bit from their decision.

Is it true that there was no mechanism to issue warrants to trash
collectors?

Tim Cushing reports that not satisfied to rest on his
laurels in the Really Bad Ideas Department, Rhode Island Attorney General
Peter F. Kilmartin is behind a legislative proposal that amounts to a
very bad state-level version of the federal hacking statute, CFAA. Tim writes:

Whoever intentionally and
without authorization or in excess of one’s authorization, directly or
indirectly accesses a computer, computer program, computer system, or computer
network with the intent to either view, obtain, copy, print or download any
confidential information contained in or stored on such computer, computer
program, computer system, or computer network, shall be guilty of a felony and
shall be subject to the penalties set forth in §11-52-5.

…. With the advent of global
surveillance, “Our world is becoming better behaved, but perhaps less human,”
said Tijmen Schep, creative director of the Dutch arts collective SETUP, which for the past two years has worked on building a
national database of Dutch citizens based solely on open source data.

The initial point of the project
– originally known as the National Birthday Calendar – was to create
a provocative, interactive site that would know every Dutch citizen’s
birthday and recommend gifts based on their personal preferences. It became so easy to gather the information
about people, and they collected so much that they began referring to
it as the DIY NSA, a tongue-in-cheek reference to a do-it-yourself
National Security Agency.

Instead of developing their own hacking tools or buying them from third
parties, threat groups have increasingly turned their attention to open source
security tools, Kaspersky Lab reported on Wednesday.

One such tool is the Browser Exploitation Framework (BeEF), a penetration testing
suite that focuses on the web browser. It
allows pentesters to determine if the targeted environment is vulnerable by
hooking the browser and using it to launch attacks.

BeEF enables attackers to monitor and profile the visitors
of a website as it can deploy evercookies for persistent tracking, it can enumerate
browsers and plugins, and obtain a list of domains visited by the victim. In addition to tracking, it can also be used
to find and exploit vulnerabilities.

Wednesday, April 27, 2016

SWIFT, the global
financial network that banks use to transfer billions of dollars every day,
warned its customers on Monday that it was aware of "a number of recent
cyber incidents" where attackers had sent fraudulent messages over its
system.

…"SWIFT is aware
of a number of recent cyber incidents in which malicious insiders or external
attackers have managed to submit SWIFT messages from financial institutions'
back-offices, PCs or workstations connected to their local interface to the
SWIFT network," the group warned customers on Monday in a notice seen by
Reuters.

…SWIFT, or the Society for Worldwide Interbank Financial Telecommunication,
is a cooperative owned by 3,000 financial institutions.

…BAE said it
could not explain how the fraudulent orders were created and pushed through the
system.

But SWIFT provided some
evidence about how that happened in its note to customers, saying that in most
cases the modus operandi was similar.

It said the attackers
obtained valid credentials for operators authorized to create and approve SWIFT
messages, then submitted fraudulent messages by impersonating those people.

As I read this, the FBI intends to claim institutional ignorance. “We don’t have to share what we know because we don’t know what we know.” Should be amusing in any case where they need to show more than “It was a miracle!” in court.

The FBI intends to tell the White House this week that its
understanding of how a third party hacked the iPhone of a shooter in San
Bernardino, Calif., is so limited that there’s no point in undertaking a
government review of whether the tool should be shared with Apple, officials
said.

…Last month, the FBI paid more than $1 million for a tool to crack an iPhone used by one of the shooters in California. But the contract did not include rights to the software flaws that went into the tool, officials said. As a result, the bureau has a limited technical understanding of how the method worked, officials said.

…“The threshold is: Are we aware of the
vulnerability, or did we just buy a tool and don’t have sufficient knowledge of
the vulnerability that would implicate the process?” he said at a cyber
conference at Georgetown University.

The FBI informed Apple Inc
of a vulnerability in its iPhone and Mac software on April 14, the first time
it had told the company about a flaw in Apple products under a controversial
White House process for sharing such information, the company told Reuters on Tuesday.

The FBI told the company
that the disclosure resulted from the so-called Vulnerability Equities Process
for deciding what to do with information about security holes, Apple said.

The process, which has been
in place in its current form since 2014, is meant to balance law enforcement
and U.S. intelligence desires to hack into devices with the need to warn
manufacturers so that they can patch holes before criminals and other hackers
take advantage of them.

…The issue of how
U.S. government agencies decide to share information about vulnerabilities in
computer and telecom products has received renewed scrutiny since the FBI
announced last month that it had found a way to break into the iPhone of one of
the shooters in December's massacre in San Bernardino, California.

Reuters reported earlier this month that the FBI
believed it did not have legal ownership of the necessary information and
techniques for breaking into the iPhone so would not be able to bring it to the
White House for review under the equities process.

The day after that report,
the FBI offered information about the older vulnerabilities to Apple. The move may have been an effort to show that
it can and does use the White House process and disclose hacking methods when
it can.

James Salmon reports that a new tool for small businesses
from Barclays Bank is raising privacy hackles.

The online service will enable
small companies – from corner shops to florists and local butchers – to track
the performance of similar businesses in their area.

Salmon reports that even though the data will supposedly
be anonymous – no individuals or individual firms are supposedly identifiable –
privacy advocates such as Privacy International find the service unacceptable:

Banks not only hold our money but
also vast quantities of our personal data. This gives them extraordinary insight, and
therefore power, into what we value and how we behave individually and as
compared to our peers.

‘Services such as SmartBusiness
demonstrate a growing trend of companies exploiting the vast amount of data
they collect on their customers. Such
exploitation is done without customers’ informed consent, and is unacceptable. The notion that any data, in particular
financial data, is anonymous is deceitful.

State police officials are using
online surveillance to monitor social media comments made about the Flint water
crisis, according to emails released by Gov. Rick Snyder’s office.

The emails show that officials
attempted on at least one occasion to initiate criminal proceedings against a Copper
City man over allegedly threatening comments he made on Facebook about the
government’s handling of the crisis.

“It’s time for civil unrest. Burn down the Governor mansion, elimionate
(sic) the capitol where the legislators RE-INSTATED the emergency dictator law
after the PEOPLE voted it down, and tell the Mich (sic) State Police if they
use military force, we will return with same,” according to a state police
email about the Facebook post.

A clever variant of phishing scams is proliferating among
enterprises, forcing CIOs to up their game even as they are still refining
their cybersecurity practices to contend with various zero-day attacks. Called whaling, the social engineering grift
typically involves a hacker masquerading as a senior executive asking an
employee to transfer money.

…Verizon, in its just-released annual report of cyber incidents, identifies phishing as the major problem. Of the over 65,200 incidents it gathered data about, about 2,250 resulted in a breach, or confirmed disclosure of data to a third party. (In Verizon's parlance, a security 'incident' falls short of a breach.)
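The whaling pattern described above has a recognisable shape on the wire: an executive's display name paired with an address that is not theirs, often a look-alike domain or an external Reply-To, plus language about urgent confidential payments. The following is an added example, not code from the article, Verizon or any vendor, that scores a raw message for those indicators. The organisation domain, the executive list and both sample messages are constructed assumptions.

```python
"""Flag the whaling pattern described above: mail that carries a senior
executive's name but not their address, and asks for money. Added example;
the org domain, executive list and sample messages are constructed."""
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"                          # assumption
EXECUTIVES = {"jane doe": "jane.doe@example.com"}   # assumption: display name -> real address
PAYMENT_TERMS = ("wire transfer", "urgent", "confidential")

# Constructed sample messages (not real mail).
WHALING_MAIL = """\
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: Jane Doe <ceo.office@mail-relay.invalid>
To: bob@example.com
Subject: Quick favour

Bob, I need an urgent wire transfer of 45,000 to the vendor below before
close of business. Keep this confidential until I'm back.
"""

LEGIT_MAIL = """\
From: Jane Doe <jane.doe@example.com>
To: bob@example.com
Subject: Lunch

Lunch at noon?
"""


def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike domains (examp1e.com)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def whaling_indicators(raw_message):
    """Return the list of indicators found in one RFC 822 message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)
    findings = []
    # 1. A known executive's display name, but not their real address.
    expected = EXECUTIVES.get(name.strip().lower())
    if expected and addr.lower() != expected:
        findings.append("executive display name with unexpected address")
    # 2. Sender domain a character or two away from our own.
    if from_domain and from_domain != ORG_DOMAIN and edit_distance(from_domain, ORG_DOMAIN) <= 2:
        findings.append("look-alike sender domain")
    # 3. Replies silently routed somewhere other than the sender's domain.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != from_domain:
        findings.append("Reply-To domain differs from From domain")
    # 4. The ask itself: money, urgency, secrecy.
    body = msg.get_payload().lower()
    if any(term in body for term in PAYMENT_TERMS):
        findings.append("payment or urgency language")
    return findings


if __name__ == "__main__":
    for label, mail in (("whaling", WHALING_MAIL), ("legit", LEGIT_MAIL)):
        print(label, whaling_indicators(mail) or "no indicators")
```

Any one indicator on its own is weak; the display-name mismatch combined with payment language is what should route a message to a second-person verification step rather than to the finance team's inbox.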

Should we tell them there is a way bombs can home in on cash? (Or is all this purely accidental?)

Maj Gen Peter Gersten, who is based in Baghdad, said the
US had repeatedly targeted stores of the group's funds.

The blow to the group's financing has contributed to a 90%
jump in defections and a drop in new arrivals, he said.

…In a
briefing to reporters, Maj Gen Gersten, the deputy commander for operations
and intelligence for the US-led operation against IS, said under 20 air strikes
targeting the group's stores of money had been conducted.

He did not specify how the US knew how much money had been
destroyed.

In one case, he said, an estimated $150m was destroyed at
a house in Mosul, Iraq.

Blockchain is a data storage technology with implications
for business that extend well beyond its most popular application to date — the
virtual currency, Bitcoin. To be sure,
the financial industry is taking notice of how it might use blockchain. Even the U.S.
Federal Reserve is optimistic, and a consortium of 42 top banks recently
demonstrated a proof of concept, with Barclays, BMO Financial Group, Credit
Suisse, Commonwealth Bank of Australia, HSBC, Natixis, Royal Bank of Scotland,
TD Bank, UBS, UniCredit, and Wells Fargo trading
mock shares and money. These are
staid financial institutions, not breathless startups.

“Much is written on the topic of cybersecurity. This CRS report and those listed below direct the reader to authoritative sources
that address many of the most prominent issues. Included in the reports are resources and
studies from government agencies (federal, state, local, and international),
think tanks, academic institutions, news organizations, and other sources. This report is intended to serve as a starting
point for congressional staff assigned to cover cybersecurity issues. It includes annotated descriptions of reports,
websites, or external resources…”

If you could send an email from Hillary to Donald, what
would you say?

We’ve all had questionable emails from miscellaneous folk
begging for a wire transfer to Nigeria. Most of us can spot the signs fairly easily,
and know when to delete an email straight away. In fact, most of these just automatically go
into spam and are subsequently swept away by a solid email service.

But then we get emails from family and friends — or
sometimes from our own address! So
what’s all that about? Does this mean
you (or someone you know) have been compromised? Otherwise, how can scammers do that?

Thankfully, you can password protect the app so kids don’t
just disable it and go on their merry way. You might find this app to be overkill, and it
won’t be battery-friendly since it needs to constantly access the camera, but
for those with young ones concerned about their screen time, it’s worth a shot.

In a true fairy tale of a
transportation project, Texas spent a measly $4.25 million widening a highway
and, in defiance of conventional wisdom among transportation planners, doubled
the speed of rush hour traffic on a notoriously congested highway in Dallas.

The Texas Department of Transportation repaved the
shoulders along both sides of a 6.3-mile stretch of State Highway 161 between
Dallas and Fort Worth in September. Then
it opened them up to traffic during the daily rush hour, keeping tow trucks on
standby in case someone breaks down. Based
on figures released this month, with the extra lanes in place, traffic “started
sailing,” The Dallas Morning News reported
this week.

…If you’re
looking for more things to read on your Kindle, have no fear. Here are all the websites, tools, and tips you
need to fill your e-reader with high-quality free content that will keep you
reading for hours without breaking the bank.

…More Articles on
Your Kindle

Just because a site doesn’t offer a Send to Kindle button
doesn’t mean you can’t get their articles on your e-reader. There are plenty of apps and extensions that
will let you send just about anything to
your Kindle (this is great for reading longform articles that might strain your eyes on a
backlit screen).

Push to Kindle, for example, has a browser extension that
lets you send anything you want with a click of a button.

Will my geeks start wandering the halls with cardboard
over their eyes?

…2016 looks set to be the year that virtual
reality comes into its own, but looking at the most popular
devices on the market may discourage you due to the high
costs. That’s why we’re going to show you how to get started with
VR on the cheap using the Google Cardboard.

From the Hack the Pentagon
announcement to the Facebook
Hacker Cup, there are loads of opportunities for those new to security to
either participate in educational hacking competitions or simply learn by
watching others compete. Michiel Prins,
co-founder, HackerOne, and Ryan Stortz, security researcher, Trail of Bits,
offered up a list of popular competitions and what they like most about some of
them.

The financial services industry is no longer the most targeted sector
when it comes to data-stealing cyber attacks, as healthcare climbed to the top
in 2015, IBM X-Force’s 2016 Cyber Security Intelligence Index reveals.

Overall, all industries had their fair share of data
breaches last year, though some were targeted far more frequently than others, the
report reveals.

The Hover Camera is exactly what you would expect, based
on its name. The new drone from Zero
Zero Robotics is the company's debut product, which will only be available
through a beta testers program for now. But those people that are selected to play
with it are likely to be fast moving, active folks who are eager to have an
autonomous camera drone follow them everywhere.

…The facial
recognition technology that allows the drone to keep you in frame and follow
you is run off of a 2.3-GHz quad-core Qualcomm Snapdragon 801 processor. There's no fan inside the Hover Camera, so the
company engineered slots along the edges that send air pushing through the
propellers into the body of the drone to cool things off.

The drone was dead simple to use. You turn it on, flip out the wings and then toss it into the air, where it stops and hangs out awaiting instructions. The blades make a bit of noise, but not so I couldn't continue my conversation normally. If your toss is a little off, the drone knows how to balance itself and get level using sonar and a ground facing camera. The company assures me that tossing it into the wind won't throw it off.

Would this make sense here? There are some Apps that contact friends, but should there be an easy way to call 911?

India’s government will soon require cell phone
manufacturers to include a panic button on their devices, Bloomberg reported on
Monday.

Manufacturers will need to implement a feature by early next year allowing users to flag when they are in an emergency situation. By 2018, they will be required to implement global positioning system technology in phones.

Communication in the modern age? Maybe I can get the University to block these – otherwise I could see them in the papers my students submit.

…Investigators at
British defense contractor BAE Systems told Reuters that the malware in question, evtdiag.exe, had been
designed to change code in SWIFT’s Access Alliance software to tamper with a
database recording the bank’s activity over the network.

That apparently allowed the
attackers to delete outgoing transfer requests and intercept incoming requests,
as well as change recorded account balances – effectively hiding the heist from
officials.

The malware even interfered with a printer to ensure that
paper copies of transfer requests didn’t give the attack away.

…It’s
thought that the malware was part of a multi-layered attack and used on the
SWIFT system once
Bangladesh Bank admin credentials had been stolen.

…For its part, SWIFT
confirmed it is later today releasing a software update to “assist customers in
enhancing their security and to spot inconsistencies in their local database
records."
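The attack described above hid the transfers by editing the bank's own record of them: outgoing requests deleted, balances rewritten, printed confirmations suppressed. The only view it could not edit is the one held elsewhere, so the defensive check is a reconciliation of the local database against what the correspondent bank confirms executing. The following is an added example of that check with constructed records; it is not SWIFT's update, BAE's analysis, or any bank's real data, and the references, amounts and beneficiaries are all invented.

```python
"""Reconcile a bank's local record of outgoing SWIFT transfers against
what the correspondent bank confirmed executing. The attack described
above deleted outgoing requests and rewrote balances in the local
database, so an independent copy is the only thing the local view can
be checked against. Added example with constructed records; not SWIFT's
tooling or BAE's analysis."""

# Constructed sample data (assumptions). Amounts in whole currency units.
OPENING_BALANCE = 100_000_000

LOCAL_LEDGER = [  # what the tampered local database shows
    {"ref": "TX1001", "amount": 1_000_000, "beneficiary": "ACME Ltd"},
    {"ref": "TX1003", "amount": 250_000, "beneficiary": "Supplier Co"},
]
LOCAL_CLOSING_BALANCE = 98_750_000  # opening minus the two visible transfers

CONFIRMED = [  # what the correspondent bank actually executed
    {"ref": "TX1001", "amount": 1_000_000, "beneficiary": "ACME Ltd"},
    {"ref": "TX1002", "amount": 20_000_000, "beneficiary": "Unlisted Account"},
    {"ref": "TX1003", "amount": 250_000, "beneficiary": "Supplier Co"},
]


def reconcile(local, confirmed, opening, local_closing):
    """Compare the two views and return every discrepancy found.

    missing_locally: confirmed transfers the local database no longer shows
    unconfirmed:     local transfers the correspondent never executed
    altered:         same reference, but amount or beneficiary differs
    balance_gap:     local closing balance minus the balance implied by
                     the confirmed transfers (non-zero means rewritten)
    """
    local_by_ref = {t["ref"]: t for t in local}
    confirmed_by_ref = {t["ref"]: t for t in confirmed}
    report = {
        "missing_locally": sorted(confirmed_by_ref.keys() - local_by_ref.keys()),
        "unconfirmed": sorted(local_by_ref.keys() - confirmed_by_ref.keys()),
        "altered": [],
    }
    for ref in local_by_ref.keys() & confirmed_by_ref.keys():
        a, b = local_by_ref[ref], confirmed_by_ref[ref]
        if (a["amount"], a["beneficiary"]) != (b["amount"], b["beneficiary"]):
            report["altered"].append(ref)
    report["altered"].sort()
    expected_closing = opening - sum(t["amount"] for t in confirmed)
    report["balance_gap"] = local_closing - expected_closing
    return report


def is_clean(report):
    """True only when both views agree on every transfer and the balance."""
    return not (report["missing_locally"] or report["unconfirmed"]
                or report["altered"] or report["balance_gap"])


if __name__ == "__main__":
    result = reconcile(LOCAL_LEDGER, CONFIRMED, OPENING_BALANCE, LOCAL_CLOSING_BALANCE)
    for key, value in result.items():
        print(f"{key:16} {value}")
    print("clean" if is_clean(result) else "DISCREPANCIES FOUND")
```

The value of the check depends entirely on the confirmed list arriving over a path the compromised host cannot rewrite, such as a statement fetched from the correspondent on a separate system, which is also why suppressing the printer mattered to the attackers: the paper copy was the bank's only out-of-band record.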

Sexual preference. Relationship status. Income. Address. These are just some details applicants for the controversial dating site BeautifulPeople.com are asked to supply before their physical appeal is judged by the existing user base, who vote on who is allowed in to the “elite” club based on looks alone. All of this, of course, is supposed to remain confidential. But much of that supposedly-private information is now public, thanks to the leak of a database containing sensitive data of 1.1 million BeautifulPeople.com users. The leak, according to one researcher, also included 15 million private messages between users. Another said the data is now being sold by traders lurking in the murky corners of the web.

Read more on Forbes.
The data leak was originally uncovered by Chris Vickery (now a researcher with MacKeeper), but as we were told in many cases last year, this was supposedly a “test server.” It seems that the test server contained real data. [“Real data” is never as useful for testing as “test data” that has been designed to exercise every edit in the application. Bob]

We would probably have been better served if everyone (and
by everyone I mean the politicians) just avoided bragging.

The United States has opened a new line of combat against
the Islamic State, directing the military’s six-year-old Cyber Command for the
first time to mount computer-network attacks that are now being used alongside
more traditional weapons.

The effort
reflects President Obama’s desire to bring
many of the secret American cyberweapons that have been aimed elsewhere, notably
at Iran, into the fight against the Islamic State — which has proved
effective in using modern communications and encryption to recruit and carry
out operations.

…Cyber Command,
was focused largely on Russia, China, Iran and North Korea — where cyberattacks
on the United States most frequently originate — and had run virtually no
operations against what has become the most dangerous terrorist organization in
the world.

…The goal of the new campaign is to disrupt
the ability of the Islamic State to spread its message, attract new adherents,
circulate orders from commanders and carry out day-to-day functions, like
paying its fighters. A benefit of the
administration’s exceedingly rare public discussion of the campaign, officials
said, is to rattle the Islamic State’s commanders, who have begun to realize
that sophisticated hacking efforts are manipulating their data. Potential recruits may also be deterred if
they come to worry about the security of their communications with the militant
group. [Not so
sure about these last two ideas. Bob]

…The fact that
the administration is beginning to talk of its use of the new weapons is a
dramatic change. As recently as four
years ago, it would not publicly admit to developing offensive cyberweapons or
confirm its role in any attacks on computer networks.

That is partly
because cyberattacks inside another nation raise major questions over invasion
of sovereignty. But in the case of the
Islamic State, officials say a decision was made that a bit of boasting might
degrade the enemy’s trust in its communications, jumbling and even deterring
some actions. [Again, not so much… Bob]

Moves and counter-moves. You send
me annoying ads. I block annoying
ads. You try to identify anyone blocking
annoying ads so you can deny me access to content or override the block and
display annoying ads. I call in the
annoying ad lawyers… Would it be simpler
to make the ads less annoying?

All visitors and tourists to
Kuwait will now have to submit to a DNA test and be DNA tagged before they’re
allowed to enter the Persian Gulf state.

In a world first, Kuwait wants to
DNA “tag” everybody in, as well as entering the country with the new DNA
legislation that will become law this year.

[…]

According to The
Kuwait Times, the DNA testing law is “aimed at creating an integrated
security database”. The law – the first
of its kind in the world – and the DNA tagging will only be used for “criminal
security purposes” according to Kuwait officials.

“Kuwait will have a database
including DNA fingerprints of all citizens, residents and visitors. This law is the first of its kind in the world
and Kuwait is the first country worldwide to apply the system,” notes the
publication.

Do they have a moral obligation to monitor every social
media platform used by even one student? If not, can they tell us which ones they feel they can safely
ignore? They opened the can, are they monitoring
all the worms?

I’ve previously
noted (snarkily, of course) the use of SnapTrends software by Orange County
Public Schools in Florida to monitor students’ social media activities.

Well, it seems they’re pleased as punch with the results
of their monitoring. So much so that
they’re renewing
the contract for the software. Details
of the approximately one dozen police investigations that resulted from use of
the software and manual searches were not disclosed.

[From the
article:

"It's a no-brainer to me," Chairman Bill
Sublette said. "I think we have a
moral obligation in every sense of the word to monitor social media
for threats to our students or schools."

The school district declined to provide many details about
how the software is used or the types of social media posts that had generated
alerts, citing exemptions in open-records laws regarding security. Officials stressed the software looks only at
publicly available posts.

Just because the politicians are screaming for backdoors into encryption
does not mean the scientific side of the government feels the same way.

DARPA Is Looking For The Perfect Encryption App, and It’s
Willing to Pay

While the FBI keeps
crying wolf about the dangerous dark future where criminals use technology that’s
impossible to spy on, the Pentagon’s blue-sky research arm wants someone to
create the ultimate hacker-proof messaging app.

The Defense Advanced Research Projects Agency, better
known as DARPA,
is looking for a “secure messaging and transaction platform” that would use the
standard encryption and security features of current messaging apps such as WhatsApp, Signal, or Ricochet, but also use a decentralized Blockchain-like
backbone structure that would be more resilient to surveillance and
cyberattacks.

DARPA’s goal is to have “a secure messaging system that
can provide repudiation or deniability, perfect forward and backward secrecy,
time to live/self delete for messages, one time eyes only messages, a
decentralized infrastructure to be resilient to cyber-attacks, and ease of use
for individuals in less than ideal situations,” according to a notice
looking for proposals, which was recently posted on a government platform that
offers federal research funds to small businesses.
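Two items on that wish list are easy to read as marketing words. The example below is added here to make them concrete; it is my own illustration in standard-library Python, not code from the DARPA notice, from Motherboard, or from WhatsApp, Signal or Ricochet. A symmetric hash ratchet gives forward secrecy: state stolen today does not unlock yesterday's ciphertexts. MAC-based authentication gives deniability: the receiver can forge a message that passes the sender's own check, so a valid tag proves nothing to a third party. The root key and message texts are constructed for the demo, and the SHA-256 counter-mode cipher is a toy stand-in for a real AEAD; the comments also note why a hash-only ratchet cannot deliver the notice's "backward secrecy" on its own.

```python
from __future__ import annotations

import hashlib
import hmac

# Constructed root key for the demonstration. A real system would agree it
# with an authenticated key exchange; that step is out of scope here.
ROOT_KEY = hashlib.sha256(b"demo root key - constructed, not secret").digest()


def kdf(key: bytes, label: bytes) -> bytes:
    """Derive a 32-byte subkey from `key`, domain-separated by `label`."""
    return hmac.new(key, label, hashlib.sha256).digest()


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from SHA-256. Illustration only: real code
    should use an AEAD such as AES-GCM or ChaCha20-Poly1305."""
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]


class Ratchet:
    """One sending chain of a symmetric hash ratchet, held by both peers.

    Each message takes one step: derive the message key from the chain key,
    then overwrite the chain key with a one-way hash of itself. The old chain
    key no longer exists, so stolen state cannot recover earlier message keys
    (forward secrecy). It gives no *backward* secrecy: from stolen state every
    future key is derivable, which is why real protocols periodically mix in
    fresh Diffie-Hellman output.
    """

    def __init__(self, chain_key: bytes) -> None:
        self.chain_key = chain_key
        self.counter = 0

    def step(self) -> tuple[int, bytes]:
        n = self.counter
        message_key = kdf(self.chain_key, b"message")
        self.chain_key = kdf(self.chain_key, b"chain")  # previous value is gone
        self.counter += 1
        return n, message_key


def seal(message_key: bytes, counter: int, plaintext: bytes) -> dict:
    """Encrypt-then-MAC under subkeys derived from one message key."""
    nonce = counter.to_bytes(8, "big")
    ks = keystream(kdf(message_key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(kdf(message_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return {"counter": counter, "ct": ct, "tag": tag}


def open_(message_key: bytes, msg: dict) -> bytes | None:
    """Verify the tag in constant time, then decrypt. None on a bad tag."""
    nonce = msg["counter"].to_bytes(8, "big")
    expected = hmac.new(kdf(message_key, b"mac"), nonce + msg["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, msg["tag"]):
        return None
    ks = keystream(kdf(message_key, b"enc"), nonce, len(msg["ct"]))
    return bytes(c ^ k for c, k in zip(msg["ct"], ks))


def demo_forward_secrecy() -> dict:
    """Alice sends Bob two messages; then her device state is copied.
    Reports whether the attacker can read the recorded past messages and a
    message sent after the compromise."""
    alice, bob = Ratchet(ROOT_KEY), Ratchet(ROOT_KEY)
    recorded = []
    for text in (b"meet at the usual place", b"bring the documents"):
        n, mk = alice.step()
        recorded.append(seal(mk, n, text))
        _, bk = bob.step()
        assert open_(bk, recorded[-1]) == text  # honest receiver reads it
    stolen = Ratchet(alice.chain_key)  # attacker copies Alice's current state
    stolen.counter = alice.counter
    n, mk = alice.step()
    later = seal(mk, n, b"abort")  # sent after the compromise
    attacker_keys = [stolen.step()[1] for _ in range(5)]  # only future keys
    past_readable = any(open_(k, m) is not None for k in attacker_keys for m in recorded)
    future_readable = open_(attacker_keys[0], later) == b"abort"
    return {"past_readable": past_readable, "future_readable": future_readable}


def demo_deniability() -> bool:
    """Bob forges a message that Alice's own check accepts. The MAC key is
    shared, so a valid tag cannot prove to a third party which peer wrote the
    text; a digital signature would instead bind Alice to every word."""
    alice, bob = Ratchet(ROOT_KEY), Ratchet(ROOT_KEY)
    n, bob_key = bob.step()
    forged = seal(bob_key, n, b"I never said that")
    _, alice_key = alice.step()
    return open_(alice_key, forged) == b"I never said that"


if __name__ == "__main__":
    print(demo_forward_secrecy())  # {'past_readable': False, 'future_readable': True}
    print("forgery accepted:", demo_deniability())  # True
```

Note what the forward-secrecy demo does not show: the attacker reads the message sent after the theft, and would keep reading until fresh key material is mixed in. That gap is exactly what the notice's "backward secrecy" asks for, and a hash chain alone cannot close it.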

100 data breaches later, Have I been pwned gets its first
self-submission

I certainly didn't expect it would go this far when I
built Have I been pwned (HIBP) a few
years ago, but I've just loaded the 100th data breach into the system. This brings it to a grand total of 336,724,945 breached accounts that have
been loaded in over the years, another figure I honestly didn't expect to see.

But there's something a bit different about this 100th
data breach - it was provided to me by the site that was breached themselves. It was self-submitted, if you like.

Today I’ve been looking at the Naughty America data breach which was in the news
10 days ago. The breach itself is dated
March 14 which is a day short of six weeks before the time of writing. Yet somehow, Naughty America have yet to acknowledge the incident. In fact,
the first a number of their customers knew of the breach was when I contacted
them today and repeated the same process as I’d done with the Filipino voters. Not only did I get affirmative responses, one
member of the site even emailed me the original welcome email he’d received
from them in 2010, complete with the precise date that was stamped on his
record in the data breach.

The breach was initially reported on Forbes, which sadly,
I no longer read because of their requirement that you turn off ad-blockers in
your browser. You can read other
coverage of the breach on TechInsider.

The Google
Cloud Vision API is currently in Beta and available to developers with a
basic pricing model that is free up to a thousand units per month. That means that developers have access to
powerful image analysis capabilities backed by Google’s Machine Vision
Infrastructure to implement in any
relevant project.

The technology uses machine learning to identify the
content in images, such as objects, colors, and notable landmarks. That data can be leveraged by applications or
other software to perform
specific tasks according to the developer’s intentions. In this tutorial on
Google Cloud Platform, followers learn how to use the Google Cloud Vision API
to detect faces in an image, and use that data to draw a box around each face.

Earlier this evening I hosted a Google+
Hangout On Air for people who had questions related to blogging for
professional purposes. It was an
informal half hour in which I answered a bunch of the questions that I
frequently receive in my email on that topic. A few new questions were added into the chat
too. If you weren't able to make it, you
can now watch
the recording on my YouTube channel. (You may want to fast-forward through
the first two minutes in which I was just setting things up.)

EdTechTeacher,
an advertiser on this site, has launched a new FREE video series called #ETTchat.
Each week, one of their instructors posts a new video with ideas using
technology in the service of learning.

Collaborative Book Publishing

Google Slides has become a universal tool for students to
use on any device. In this video, Greg Kulowiec (@gregkulowiec) shows
how students could collaboratively design a book using Google Slides and then
publish it with the digital publishing platform, Issuu.

About Me

I live in Centennial, Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.